OpenID4VCI: add authorization_details token response parameter

openid / OpenID4VCI

68 stars 19 forks source link

OpenID4VCI: add authorization_details token response parameter #2

Closed OIDF-automation closed 1 year ago

OIDF-automation commented 2 years ago

Imported from AB/Connect bitbucket: https://bitbucket.org/openid/connect/issues/1587

Original Reporter: tlodderstedt

Section 7 of draft-ietf-oauth-rar requires:

In addition to the token response parameters as defined in [RFC6749], the authorization server MUST also return the authorization details as granted by the resource owner and assigned to the respective access token.

At least the example in Section 8.2 should therefore include the authorization_details response parameter.

OIDF-automation commented 2 years ago

Imported from AB/Connect bitbucket - Original Commenter: peppelinux

Is this requirement linked to get a proof of which aspects have been allowed in the response, considering that an issuer may consider some of these and ignore/reject a part or all of these?

OIDF-automation commented 1 year ago

Imported from AB/Connect bitbucket - Original Commenter: KristinaYasuda

do we need an example? Can it be sufficient to add a clarifying text in this regard?

Sakurann commented 1 year ago

this is addressed by PR #65. Does this mean that optional authorization_details parameter needs to be added to the token request too..?

Sakurann commented 1 year ago

PR merged